From 8023b224985d5853a624ebd4a1ff7b8d79ece433 Mon Sep 17 00:00:00 2001
From: Maximilian Hils <git@maximilianhils.com>
Date: Thu, 8 Sep 2022 19:42:09 +0200
Subject: [PATCH] Docker: assume uid of who holds permissions (#5550)

* Docker: assume uid of who holds permissions

* add docs
---
 release/docker/DockerHub-README.md  | 1 +
 release/docker/docker-entrypoint.sh | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/release/docker/DockerHub-README.md b/release/docker/DockerHub-README.md
index f202e373a..d52f4d641 100644
--- a/release/docker/DockerHub-README.md
+++ b/release/docker/DockerHub-README.md
@@ -45,6 +45,7 @@ Proxy server listening at http://*:8080
 [...]
 ```
 
+If `~/.mitmproxy/mitmproxy-ca.pem` is present in the container, mitmproxy will assume uid and gid from the file owner.
 For further details, please consult the mitmproxy [documentation](http://docs.mitmproxy.org/en/stable/).
 
 ## Tags
diff --git a/release/docker/docker-entrypoint.sh b/release/docker/docker-entrypoint.sh
index 3aaefe72f..93449c066 100755
--- a/release/docker/docker-entrypoint.sh
+++ b/release/docker/docker-entrypoint.sh
@@ -9,7 +9,12 @@ MITMPROXY_PATH="/home/mitmproxy/.mitmproxy"
 
 if [[ "$1" = "mitmdump" || "$1" = "mitmproxy" || "$1" = "mitmweb" ]]; then
   mkdir -p "$MITMPROXY_PATH"
-  chown -R mitmproxy:mitmproxy "$MITMPROXY_PATH"
+  if [ -f "$MITMPROXY_PATH/mitmproxy-ca.pem" ]; then
+    usermod -o \
+        -u $(stat -c "%u" "$MITMPROXY_PATH/mitmproxy-ca.pem") \
+        -g $(stat -c "%g" "$MITMPROXY_PATH/mitmproxy-ca.pem") \
+        mitmproxy
+  fi
   gosu mitmproxy "$@"
 else
   exec "$@"